Text File | 1994-07-17 | 23KB | 457 lines
┌────── Information──────────────────────────────────────────────────┐
│ ░░░█ ░░░░░█ ░░░░░█ ░░█ ░░█ │
├────── Systems ─────────── ░█ ── ░░░█ ── ░░░█ ─── ░░░░█ ── ░░░█ ────┤
│ ░█ ░░░░░█ ░░░░░█ ░░░░░░░░░░░░█ │
├────── Security ────────── ░█ ───── ░░█ ─── ░░█ ─ ░░█ ─░░█ ─░░█ ────┤
│ ░░░█ ░░░░░█ ░░░░░█ ░░█ ░░█ │
└────── Monitor ─────────────────────────────────────────────────────┘
Dedicated to the pursuit of security awareness..............
===========================================================================
Volume 3 Number 3 July 1993
===========================================================================
IN THIS ISSUE
WHO'S READING YOUR SCREEN
What's New?
Questions on Security Tokens
Clyde's Computer Security Hall of Fame
Virus Alert
Dear Clyde
Token Demo
Jim's Corner
Computer Speak
Computer Security Slogan Awardees (Insert)
The ISSM is a quarterly publication of the Department of Treasury, Bureau of the
Public Debt, AIS Security Branch, 200 3rd Street, Parkersburg, WV 26101 (304)
480-6355
Editors: Ed Alesius
Kim Clancy
Mary Clark
Jim Heikkinen
Joe Kordella
*******************************
* *
* WHO'S READING YOUR SCREEN *
* by Philip Elmer-Dewitt *
* *
*******************************
It's a situation that arises a million times a day in offices around the world.
An employee has something personal to tell a co-worker---a confidence, a joke, a
bit of gossip that might give offense if it were overheard. Rather than pick up
the phone or wander down the hall, he or she simply types a message on a desktop
computer terminal and sends it as electronic mail. The assumption is that
anything sent by E-mail is as private---if not more so---than a phone call or a
face-to-face meeting.
That assumption, unfortunately, is wrong. Although it is illegal in some states
for an employer to eavesdrop on private conversations or telephone calls---even
if they take place on a company-owned phone---there are no clear rules governing
electronic mail. In fact, the question of how private E-mail should be has
emerged as one of the stickiest legal issues of the electronic age, one that seems
to evoke very different responses depending on whose electronic mail system is
being used and who is reading the E-mail.
Does the White House, for example, have the right to destroy electronic messages
created in the course of running the government? That issue came to a head last
week when a federal judge barred the Bush Administration from erasing computer
tapes containing E-mail dating back to the Reagan era---including electronic memos
that are relevant to Iran-contra and might implicate officials in the Iraqgate and
Clinton passport scandals.
The White House had issued guidelines that would have allowed staff members to
delete that mountain of electronic evidence. Judge Charles Richey dismissed those
instructions as "capricious" and "contrary to the law." He specifically rejected
the argument that all substantive E-mail had been saved in computer printouts.
The paper versions, Richey noted, omit who received the documents and when. "What
government officials knew and when they knew it has been a key question in not
only the Iran-contra investigation but also in the Watergate matter."
Many historians and legal experts applauded the decision. Government officials,
they argue, are civil servants conducting the public's business; the public has
the right to review any documents they create--paper or electronic. But how would
those citizens feel if it were their E-mail that was being preserved for
posterity? Shouldn't private missives sent over a privately owned computer be
sacrosanct?
That's what Rhonda Hall and Bonita Bourke thought. Three years ago, they were
hired by a California subsidiary of Nissan to set up and run the electronic mail
network that links the car company's Infiniti dealers. A female supervisor heard
that some of their E-mail was getting pretty steamy and began monitoring the
messages. She soon discovered that the two had some disparaging things to say
about her, and the women were threatened with dismissal. When Hall and Bourke
filed a grievance complaining that their privacy had been violated, they were
fired.
One might think the two employees had a strong case for unlawful termination. But
their case was dismissed. Nissan's lawyers argued successfully that since the
company owned the computer system, its supervisors had a perfect right to read
anything created on it. "I'm dismayed," says Noel Shipman, the attorney who is
handling Hall and Bourke's appeal. "To me, the simple bottom line is that
gentlemen don't read each other's mail."
But it's not that simple. The Electronic Communications Privacy Act of 1986
prohibits "outside" interception of E-mail by a third party--the government, the
police or an individual--without proper authorization (such as a search warrant).
It does not, however, cover "inside" interception--seeking a peek at the office
gossip's E-mail, for example. In the past, courts have ruled that interoffice
communications were considered private only if employees had a "reasonable
expectation" of privacy when they sent it.
The fact is no absolute privacy exists in a computer system, even for the boss.
System administrators need to have access to everything in a computer in order to
maintain it. Moreover, every piece of E-mail leaves an electronic trail. Though
Oliver North tried to delete all his electronic notes in order to conceal the
Iran-contra deal, copies of his secret memos ended up in the backup tapes made
every night by the White House system operators. "The phrase 'reasonable
expectation of privacy' is a joke, because nobody reasonably expects any privacy
nowadays," says Michael Godwin, general counsel for the Electronic Frontier
Foundation, a not-for-profit group devoted to protecting the civil liberties of
people using electronic networks.
Some computer users are taking matters into their own hands. If the law will not
protect the privacy of their E-mail, they'll do it themselves--by scrambling their
messages with encryption codes. Godwin's group is advocating that the government
let private individuals use the most powerful encryption systems--systems that
even the FBI can't crack. Unfortunately, such complex codes are likely to
undermine the principal virtue of electronic mail: convenience. In the end,
people bent on private communication--or government officials involved in criminal
conspiracies--had best pick up the phone, or better yet, stroll down the hall and
have a good old-fashioned face-to-face conversation.
Copyright 1993 TIME, Inc.
Reprinted by permission.
**********************END OF ARTICLE*********************
+++++++++++++++++++++++
+ +
+ WHAT'S NEW? +
+ +
+++++++++++++++++++++++
The AIS Security Branch's Electronic BBS number has changed. Bureau telephone
changes at the Parkersburg location have been completed and the 420 prefix has
been replaced with a 480. The new BBS number is (304) 480-6083.
A new feature starts with this issue of the ISSM, titled "Jim's Corner". This
article, written by Jim Heikkinen, will list Security Branch Training offerings;
various computer security Videos; CBTs; and publications available to Bureau
personnel through the AIS Security Branch.
****************END OF ARTICLE***************
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% %
% QUESTIONS ON SECURITY TOKENS %
% By Kim Reese %
% %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
In the last issue of the ISSM, an article was published describing security